Exploit the possiblities
Showing 1 - 25 of 31 RSS Feed

Files

asb00-22.httpd32.exe
Posted Aug 8, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-22) - The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.

tags | web, arbitrary
MD5 | 87341990c65795889707e7e42e307ce5
asb00-21.webfind.exe
Posted Aug 8, 2000
Site allaire.com

The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.

tags | web, arbitrary
MD5 | b6ce0bc3861873ddbd9ba4912ab79280
asb00-20.absentdirectory
Posted Aug 8, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-20) - Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, vulnerability
MD5 | ec6ac93f06e23862db17da106688fd4c
asb00-16.storedperm
Posted Jul 25, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-16) - Microsoft has released a patch for a security vulnerability in Microsoft SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.

MD5 | 370004784395c107509b43fe1a8e7afa
asb00-17.dts.password
Posted Jul 25, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-17) - Microsoft has released an updated patch that eliminates a security vulnerability in Microsoft(r) SQL Server 7.0. The vulnerability could allow a malicious user to compromise passwords. The updated patch also addresses a related problem with the Enterprise Manager Server registration dialog. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.

MD5 | da0752a106863377b1af0f4910a1f3d5
asb00-15.jrun.samplecode
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-15) - JRun 2.3.x includes a number of example applications and sample code that expose security issues. JRun 3.0 addresses the viewsource.jsp issue. Allaire strongly recommends that customers follow the best practice of not installing sample code and documentation on production servers, and removing the sample code and documentation files from production servers and restricting access to those directories where they are installed on workstations.

MD5 | e94d56741d8066033490a1a8293fb3f2
asb00-14.coldfusion.admin
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-14) - Allaire has recently been notified by Foundstone, Inc. (see Revisions section below for contact information) of a denial of service attack against an unprotected installation of the ColdFusion Administrator. This issue only affects ColdFusion Servers that have not followed Allaire's recommendations in the Allaire Security Best Practices article 10954.

tags | denial of service, add administrator
MD5 | ceccb518e5bf04b3975045321d9b1a9f
asb00-13.iis.htr.request
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-13) - Microsoft has released a patch for two security vulnerabilities in Microsoft(r) Internet Information Server. The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, vulnerability
MD5 | 193258e275f4bf44ef3af0b0281e1d78
asb00-11.iis.imagemap
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-11) - A procedure is available to eliminate a security vulnerability affecting several web server products. The vulnerability could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web
MD5 | 64ff08b95cf484851db9a133fc6d98ca
asb00-08.iis.escaped
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-08) - Microsoft has announced a Microsoft has released a patch for a security vulnerability in Microsoft(r) Internet Information Server. The vulnerability could allow a malicious user to slow a web server's response or prevent it from providing service altogether for a period of time. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web
MD5 | e01a1fb4c6360ab15acd88334ccf22d3
asb00-09.iis.linkview
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-09) - Microsoft has released a procedure to eliminate a security vulnerability that could allow a malicious user to cause a web server to crash, or potentially run arbitrary code on the server, if certain permissions have been changed from their default settings to inappropriate ones. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.

tags | web, arbitrary
MD5 | 7c7ebab5aa6415205df2158a47166718
asb00-10.spectra.preview
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-10) - The Spectra Container Editor Preview does not properly enforce object security. Allaire has released a patch that addresses this issue.

MD5 | d68c2c3a601ef9b11f343fd1985abf10
asb00-07.hithighlight
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-07) - Microsoft has announced a vulnerability for Microsoft IIS which exposes the ability to use a malformed URL to read the source code of ASP, CFML, Perl and other files that are on a server. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users.

tags | perl, asp
MD5 | ff8f49f8316ff6560f047c56fabef015
asb00-06.forums
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-06) - Allaire has recently been notified of a security issue in the Allaire Forums 2.0.5 software. This behavior allows users to view and post to secure discussion threads via unsecured conferences and/or through email. This issue affects multiple templates in the Forums software. Updated versions of the affected templates are available from the following link: Download - Allaire Forums 2.0.5 Security Patch.

MD5 | ade5ff08b372e1c1e6fb121a559ddeb9
asb99-11.mdac_rds
Posted Jul 1, 2000

asb99-11.mdac_rds

MD5 | e2179c59cb2a70cdd3142b67c23b99dc
asb00-05.cross.site.scripting
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-05) - A new type of security attack called "cross-site scripting" has surfaced which is based on common website design flaws and data manipulation that web browsers use when communicating with web servers. While the problem is not a vendor-specific issue, it does affect many web servers and virtually all web browsers currently in use. The problem lies with the design and coding techniques of web sites that serve dynamically generated HTML pages rather than the software the websites themselves run on.

tags | web, xss
MD5 | bcc7a83a8dc1242efc0a3a693d749170
asb00-04.spectraauth
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-04) - There is a security issue with the Spectra 1.0 Remote Access Service invoke.cfm template. Normally users must be authenticated in the webtop security context in order to even attempt to use the Remote Access Service. However, if the user passes a parameter called "bAuthenticated" via the URL, a form field, or a WDDX packet, and the user does not specify a username, a bug allows them to use the Remote Access Service even if they are not in the webtop user directory.

tags | remote
MD5 | 51ea1428a3787f7ea58db829256c3d14
asb00-01.spectrawebtop
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-01) - The Allaire Spectra 1.0 Webtop allows authenticated users to access sections of the Webtop they may not have been granted access to by typing explicit URLs. This exploit does not give anyone access to the Webtop who does not already have permissions to at least one section of the Webtop.

MD5 | fb2f039affb384c48bc2d1a8e9b964e2
asb00-02.spectrados
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-02) - When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step which indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.

tags | web, denial of service
MD5 | b301a471c650bc6cb84cd31459e26055
asb00-03.cfcache
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-03) - Patch Available For Potential Information Exposure by the CFCACHE Tag. The CFCACHE tag is a feature available in ColdFusion 4.x to perform template caching to increase page delivery performance by intelligently compiling and storing the output of CFML pages for faster access. When this tag is utilized in a .CFM page it creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory.

tags | web
MD5 | db11e35811a8db95e915bfbd5d9a53ff
asb00-12.querystring
Posted Jul 1, 2000
Site allaire.com

Allaire Security Bulletin (ASB00-12) - ClusterCATS Appends Stale Query String to URL Line during HTML Redirection. The vulnerability potentially releases confidential query string information on redirect. Affected software versions include ClusterCATS ColdFusion.

MD5 | a1ab2891a0e9049c67bc337d3d3a1d2d
asb99-01.expression_evaluator
Posted Sep 23, 1999

asb99-01.expression_evaluator

MD5 | 2d55fad4c8b642e1a06363a081cf70c0
asb99-02.coldfusion_example_apps
Posted Sep 23, 1999

asb99-02.coldfusion_example_apps

MD5 | f29d8f02da972142b9bd3b180130e307
asb99-03.miis_DATA
Posted Sep 23, 1999

asb99-03.miis_DATA

MD5 | 5eaf1d274a4413a0f6641d4632bf9a35
asb99-04.mult_sql_statements
Posted Sep 23, 1999

asb99-04.mult_sql_statements

tags | sql injection
MD5 | efa68e5e37f4f4e4ceb148ce13a5afe4
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close